Blog Post

Azure Confidential Computing Blog
5 MIN READ

Preview of Azure Confidential Clean Rooms for secure multiparty data collaboration

Deepak_JV's avatar
Deepak_JV
Icon for Microsoft rankMicrosoft
Nov 19, 2024

Today, we are excited to announce the preview of Azure Confidential Clean Rooms, a cutting-edge solution designed for organizations that require secure multi-party data collaboration.

 

With Confidential Clean Rooms, you can share privacy sensitive data such as personally identifiable information (PII), protected health information (PHI) and cryptographic secrets confidently, thanks to robust trust guarantees that help ensure that your data remains protected throughout its lifecycle from other collaborators and from Azure operators. This secure data sharing is powered by confidential computing, which protects data in-use by performing computations in hardware-based, attested Trusted Execution Environments (TEEs). These TEEs prevent unauthorized access or modification of application code and data during use.

 

Organizations across industries need to perform multi-party data collaboration with business partners, outside organizations, and even within company silos to improve business outcomes and bolster innovation. Confidential Clean Rooms help derive true value from such collaborations by enabling granular and private data to be shared while providing safeguards on data exfiltration hence protecting the intellectual property of the organization and the privacy of its customers and addressing concerns around regulatory compliance.

 

Whether you’re a data scientist looking to securely fine-tune your ML model with sensitive data from other organizations, or a data analyst wanting to perform secure analytics on joint data with your partner organizations, Confidential Clean Rooms will help you achieve the desired results.

You can sign up for the preview here

Key Features

  • Secure Collaboration and Governance: Allows collaborators to create tamper-proof contracts that contain the constraints which will be enforced by the clean room. Governance verifies validity of those constraints before allowing data to be released into clean rooms and helps generate tamper-proof audit trails. This is made possible with the help of an implementation of the confidential consortium framework.
  • Enhanced Data Privacy: Provides a sandboxed execution environment which allows only authorized workloads to execute and prevents any unauthorized network or IO operations from within the clean room. This helps keep your data secure throughout the workload execution. This is possible with the help of deploying clean rooms in confidential containers on Azure Container Instances (ACI) which provides container group level integrity with runtime enforcement of the same.
  • Verifiable trust at each step with the help of cryptographic remote attestation forms the cornerstone of Confidential Clean Rooms.

 

Salient Use Cases

Azure Confidential Clean Rooms caters to use cases spanning multiple industries.

  • Healthcare: For fine-tuning and inferencing with predictive healthcare machine-learning (ML) models and for joint data analysis for advancing pharmaceutical research. This can help protect the privacy of patients and intellectual property of organizations while demonstrating regulatory compliance.
  • Finance: For financial fraud detection through analysis of combined data across banks and other financial institutions and for providing personalized offers to customers through secure analysis of transaction data and purchase data in retail outlets
  • Media and Advertising: For improving marketing campaign effectiveness by combining data across advertisers, ad-techs, publishers and measurement firms for audience targeting and attribution and measurement
  • Retail: For enhanced personalized marketing and improved inventory and supply chain management
  • Government and Public Sector Organizations: For analysis of high security data across multiple government and public sector organizations to streamline benefits for citizens

 

Customer Testimonials

We are already partnering with several organizations to accelerate their secure multi-party collaboration journey with confidential clean rooms.

Confidential computing in healthcare allows secure data processing within isolated environments, called 'clean rooms', protecting sensitive patient data during AI model development, validation and deployment. Apollo Hospitals uses Azure Confidential Clean Rooms to enhance data privacy, encrypt data, and securely train AI models. The benefits include secure collaboration, anonymized patient privacy, intellectual property protection, and enhanced cybersecurity. Apollo’s pilot with Confidential Clean Rooms showed promising results, and future efforts aim to scale secure AI solutions, ensuring patient safety, privacy, and compliance as the healthcare industry advances technologically.

- Dr. Sujoy Kar, Chief Medical Information Officer and Vice President, Apollo Hospitals

 

 

Azure Confidential Clean Rooms is a game changer to make collaborations on sensitive data both seamless and secure. When combined with Sarus, any data processing job is automatically analyzed using the most advanced privacy technology. Once validated, they are processed securely in Confidential Clean Rooms protecting both the privacy of data and the confidentiality of the analysis itself. This eliminates administrative overheads and makes it very easy to build advanced data processing pipelines. With our partner EY, we're already leveraging it to help international banks improve AML practices without compromising privacy.

Maxime Agostini, CEO & Cofounder of Sarus

Read here to learn more about how Sarus is using Confidential Clean Rooms.

As co-leaders on this Data Consortium Pilot, we are thrilled to be working with industry partners, Sarus and Microsoft, to drive this initiative forward.  By combining Sarus’ privacy preserving technologies and Microsoft’s Azure Confidential Clean Rooms, not only does this project push the edge of technology innovation, but it strives to address a pivotal issue that affects us as Canadians.  Through this work, we aim to help financial services organizations and regulators navigate the complexities of private and personal data sharing, without compromising the integrity of the data, and adhering to all relevant privacy regulations.  For the purposes of this pilot, we are focusing our efforts on how this technology can play a pivotal role in helping better detect cases of human trafficking, however, we recognize that it can be used to help organizations for multiple other use cases, and cross industries, including health care and government & public sector.

- Jessica Hansen, Privacy Partner EY Canada, and Dana Ohab, AI & Data Partner EY Canada

Retrieval-Augmented Generation (RAG) applications accessing Large Language Models (LLMs) are common in private AI workflows, but managing secure access to sensitive data can be complex. SafeLiShare’s integration of its LLM Secure Data Proxy (SDP) with Azure Confidential Clean Rooms (ACCR) simplifies access control and token management. The joint solution helps ensure runtime security through advanced Public Key Infrastructure (PKI) and centralized policy management in Trusted Execution Environments (TEEs), enforcing strict access policies and admission controls to guarantee authorized access to sensitive data. This integration establishes trust bindings between the Identity Provider (IDP), applications, and data, safeguarding each layer without compromise. It also enables secure creation, sharing, and management of applications and data assets, ensuring compliance in high-performance AI environments.

- Cynthia Hsieh, VP of Marketing, SafeLiShare

Read here to learn more about how SafeLiShare is using Confidential Clean Rooms.

 

 

Learn More

 

 

 

 

 

 

 

Updated Nov 20, 2024
Version 2.0
No CommentsBe the first to comment